A method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids

ABSTRACT

This invention publishes a method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids. In this invention, every user area is managed by a fog node which plays the role of data aggregation gateway and data relay. All the users&#39; electricity consumption data sent by smart meters in the same user area are firstly aggregated by the fog node to generate a fog-level aggregate ciphertext. Then the fog node further generates a digital signature for the fog-level aggregate ciphertext and sends these data to a cloud server for long-time storage. The cloud server stores all the aggregate ciphertexts and digital signatures received from different user areas in its database, and provides data query and statistical analysis services for the control center of smart grids. On the premise of without violating users&#39; privacy, the cloud server could provide enough information for the control center, enabling it to compute the sum, arithmetic mean and variance of all users&#39; data in specified areas in a privacy-preserving way.

TECHNICAL FIELD

This invention belongs to technical domains of big data analysis for smart grids and information security, specifically it involves a method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids.

BACKGROUND

Smart grid introduces many emerging information technologies, e.g., cloud computing, artificial intelligence, machine learning, on the basis of conventional power grid systems. It builds an advanced metering infrastructure (AMI) on the traditional system framework to bidirectionally transfer user's electricity consumption data and feedback commands, electricity price information from the control center of smart grid. The core of AMI is an embedded device called smart meter which is installed in the house of users to periodically collect users' electricity consumption data and report them to the control center. The control center uses various data analysis techniques to obtain valuable information from the collected fine-grained user data. With the analysis results, the control center could monitor the situation of smart grid system and dynamically adjust and optimize power generation and distribution. On the other hand, the control center could also dispatch some feedback commands, electricity price information and blackout information to the smart meters via the data transmission channel. By interacting with the smart meters, users could obtain these information and further adjust electricity usage plan of the whole household.

While smart grid employs different techniques to collect and transmit users' electricity consumption data, it introduces many security threats at the same time. Since users' electricity consumption data are transmitted by an open wireless network, user privacy, data confidentiality and data integrity are all threatened during transmission. On one hand, there may exist external adversaries who eavesdrops the communication channel and intercepts, replaces and tampers with users' electricity consumption data, which violates user privacy and even cause chaos to smart grid systems. On the other hand, there may also exist internal adversaries who steals private key of the control center, and with which they could successfully decrypt the ciphertext of any single user, violating data confidentiality and user privacy. Apart from these security threats, with the intrinsic characteristics of smart grid systems including massive user amount, high data density, high-frequency data collection and transmission, low data processing latency, it is a critical problem that how to design a method for efficient verifiable data aggregation and statistical analysis.

Besides, to preserve data confidentiality and user privacy users' electricity consumption data are usually encrypted using various methods immediately at smart meter side, this will cause that data lose their applicability to some extent. After the ciphertexts are aggregated by the aggregator gateway, the control center could only obtain limited statistical information from received aggregate results. Thus, a practical method for data aggregation of electricity consumption data for smart grid is supposed to achieve fundamental security requirements including data confidentiality, integrity and user privacy, and provides the control center with stronger data analysis ability. In terms of performance, it is demanded that data aggregation procedure, integrity verification procedure, decryption and data analysis procedure are as efficient as possible.

Recently, researchers propose many data aggregation methods using different techniques. Homomorphic encryption technique is widely used in the construction of data aggregation algorithms. With the homomorphism property of homomorphic encryption algorithms, when user data are encrypted to ciphertexts, they can be efficiently aggregated and the control center could. directly decrypt aggregate ciphertext to get some statistical results with no need of decryption to ciphertext of single user, which effectively preserve user privacy and data confidentiality. In 2012, Lu et al. proposed a data aggregation scheme for smart grids using Paillier homomorphic encryption algorithm. In their scheme, a special superincreasing sequence is combined with Paillier encryption algorithm to achieve multi-dimension data encryption and aggregation. However, to preserve data integrity, the aggregate gateway needs to compute several bilinear pairing operations which causes high computational overhead. Chen et al. presented a privacy-preserving multi-functional data aggregation scheme using Boneh-Goh-Nissim (BGN) homomorphic encryption algorithm, their scheme leverages the one-lime multiplicative homomorphism and additive homomorphism properties, enabling the control center to obtain sum and variance of user data by decrypting the aggregate ciphertext.

SUMMARY

The purpose of this invention is overcoming the drawbacks of existing techniques and providing a method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids.

The purpose of this invention is achieved by the following technical scheme: the method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids includes:

S1. System Initialization: A trust center generates the security parameters involved in this method and distributes public-private key pairs to communication entities. The mentioned communication entities include smart meters, fog nodes, a cloud server and the control center. Then the trust center publishes all public parameters and sends private keys to corresponding communication entities via a secure channel.

S2. Data Reporting: Smart meters encrypt collected user's electricity consumption data to generate a ciphertext, generate a digital signature for the ciphertext and send the ciphertext and signature as reported data to corresponding fog node for data aggregation.

S3. Fog-level Aggregation: After the fog node receives all reported data from smart meters in its managed area in the prespecified period, it firstly verifies all the digital signatures of reported data. If the verification passes, fog node aggregates all the data ciphertexts of reported data to generate the fog-level aggregate ciphertext and signs the aggregate value to generate a fog-level signature. Then fog node sends the fog-level aggregate ciphertext and fog-level signature to the cloud server for long-time storage.

S4. Data Analysis Request and Response: The control center sends a challenge message which includes a user area list for data analysis and a random chosen coefficient sequence to the cloud server. The cloud server abstracts fog-level aggregate data from its database according to the received user area list. Then it firstly generates a cloud-level aggregate ciphertext and secondly signs the aggregate value to generate verifiable response information using fog-level signatures and received coefficient sequence. Finally it sends these data to the control center.

S5 Verification and Decryption: The control center firstly verifies the response information returned by the cloud server to confirm the data integrity of cloud-level aggregate ciphertext. If the verification passes, control center decrypts the aggregate ciphertext and further computes the arithmetic mean and variance of all users' electricity consumption data within the specified user area list.

It is priority that the security parameters in step S1 include security parameters of key-leakage resilience homomorphic encryption algorithm and security parameters of linear homomorphic digital signature.

It is priority that in step S2, smart meters combine a random blinding technique with the homomorphic encryption algorithm to encrypt user's electricity consumption data. In step S5, the control center uses privacy-preserving decryption algorithm to decrypt response data received from the cloud server.

It is priority that in step S3, the fog nodes use a batch verification method to check the signatures of ciphertexts from smart meters.

It is priority that step S1 includes:

S11. Given a security parameter k, the trust authority generates parameters of a key-leakage resilient homomorphic encryption algorithm (n, g, G, G_(T), e), where e:G×G→G_(T) is an admissible bilinear map, G and G_(T) are both cyclic groups with composite order n, and n=p₁p₂, p₁ and p₂ are both big prime numbers with k-bit length, g is a generator of group G. The trust authority computes public key of the control center as ξ=g^(P2).

S12. The trust authority determines an elliptic curve E over the finite field F_(p) and a bilinear map {tilde over (e)}:G₁×G₁→G₂ based on E, where p is a big prime number, G₁ is an additive cyclic group with order q, G₂ is a multiplicative cyclic group with order q. The trust authority selects a generator P of group G₁, and sets the number of fog nodes in the system to be N and the number of smart meters in each user area to be l. The trust authority sets two secure collision-resistant hash functions: H₁:{0,1}*→G₁,h₁:{0, 1}*→Z_(q)*, where {0, 1}* denotes the set of binary strings with arbitrary length, Z_(q)* is the multiplicative cyclic group which is composed of residue systems relatively prime to q.

S13. The trust authority randomly chooses five constants: α, β, γ, δ, ζ satisfying α·β+γ·δ+ζ=n, where α∈Z_(n), β∈Z_(n), γ∈Z_(n), δ∈Z_(n), ζ∈Z_(n), computes public parameters f=g^(α) and ε=g^(γ). Besides, it selects a private key y_(i)∈Z_(q) for digital signature algorithm for each fog node FN_(i) and computes the corresponding public key Y_(i)=y_(i)P for signature verification.

S14. For each smart meter SM_(ij) with a unique identifier ID_(SM) _(ij) , the trust authority randomly selects a private key y_(ij)∈Z_(q) for digital signature for it, where Z_(q) is the ring of residue classes modulo q, SM_(ij) is the j-th smart meter in the user area corresponding to the i-th fog node FN_(i). The trust authority computes the public key Y_(ij)=y_(ij)P for signature verification for SM_(ij), and selects two random numbers π_(ij) and s_(ij) for each SM_(ij), where π_(ij)∈Z_(n), s_(ij)∈Z_(n), α·π_(ij)+γ·s_(ij)=ζ,

π_(ij)≤β,

s_(ij)≤δ, after that it computes two parameters π_(i)=β−

π_(ij) and s_(i)=δ−

s_(ij) for each fog node FN_(i).

S15. The trust authority sends the private key P₁ to the control center, private key y_(ij), secret parameters π_(ij) and s_(ij) to smart meter SM_(ij), and private key y_(i), secret parameters π_(i) and s_(i) to the fog node FN_(i) via a secure channel.

It is priority that step S2 includes:

S21. For each smart meter SM_(ij) with a unique identifier ID_(SM) _(ij) , it randomly selects a number r_(ij)∈Z_(n) and generates a ciphertext as c_(ij)=f^(π) ^(ij) ε^(s) ^(ij) g^(m) ^(ij) ξ^(r) ^(ij) ∈G, where m_(ij)∈[0,MAX] is the electricity consumption data of user, MAX is a prespecified upper bound of all users' electricity consumption data, MAX is far less than p₂;

S22. The Smart meter SM_(ij) acquires current timestamp t_(ij), and uses the private key y_(ij) to compute a digital signature as σ_(ij)=y_(ij)H(ID_(SM) _(ij) ∥c_(ij)∥t_(ij));

S23. The smart meter SM_(ij) sends {ID_(SM) _(ij) , c_(ij), σ_(ij), t_(ij)} to the corresponding fog node FN_(i).

It is priority that step S3 includes:

S31. After the fog node FN_(i) receives data {ID_(SM) _(ij) , c_(ij), σ_(ij), t_(ij)} from all smart meters SM_(ij), J=1, 2, . . .

of the user area in the time period, it verifies all the signatures σ_(ij) sent by all smart meters SM_(ij) using the following verification equation:

e ~ ( ∑ j = 1 ℓ σ ij , P ) = ∑ ℓ j = 1 e ~ ( H 1 ( ID SM ij ⁢  c ij  ⁢ t ij ) , Y ij ) ;

S32. If the verification equation in step S31 passes, then the fog node FN_(i) computes the first intermediate state ciphertext as c_(i)=

c_(ij) and the second intermediate state ciphertext as C_(i)=f^(π) ^(i) ε^(s) ^(i) c_(i).

S33. The fog node FN_(i) generates fog-level aggregate ciphertexts, which include the first fog-level aggregate ciphertext as CT_(i)=

·c_(i) and the second fog-level aggregate ciphertext as SCT_(i)=

e(c_(ij)C_(i), c_(ij)C_(i)).

S34. The fog node FN_(i) computes a fog-level digital signature as σ_(i)=(y_(i)+h₁(CT_(i)∥SCT_(i)))H₁(ID_(CS)), where ID_(CS) is a unique identifier of the cloud server.

S35. The fog node FN_(i) sends all the aggregate data {CT_(i), SCT_(i), σ_(i)} to cloud server for long-time storage.

It is priority that step S4 includes:

S41. The control center generates a challenge message {L, chal}, and sends it to the cloud server, where L is a list of user areas, L={ϑ₁, ϑ₂, . . . , ϑ_(θ)}⊆{1, 2, . . . , N}, chal={η_(ϑ) ₁ , η_(ϑ) ₂ , . . . , η_(ϑ) _(θ-2) , λ, μ} is a sequence of random matching coefficients of length ϑ.

S42. The cloud server generates cloud-level aggregate ciphertexts, which include the first aggregate ciphertext CT=Π_(ϑ∈L)CT_(ϑ), the second aggregate ciphertext PCT=Π_(ϑ∈L)e(CT_(ϑ), CT_(ϑ)) and the third aggregate ciphertext SCT=Π_(ϑ∈L)SCT_(ϑ).

S43. The cloud server uses random coefficients λ and μ, the cloud-level aggregate ciphertext to produce two random values η_(ϑ) _(θ-1) =h₁(CT∥λ) and η_(ϑ) _(θ) =h₁(PCT∥SCT∥μ). And it gets the signatures {σ_(ϑ) ₁ , σ_(ϑ) ₂ , . . . , σ_(ϑ) _(θ) } of fog-level aggregate ciphertexts from database according to list L and computes an aggregate signature σ=Σ_(ϑ∈L)(η_(ϑ)H₁(ID_(CS))+σ_(ϑ)).

S44. The cloud server computes a combined hash value as h=Σ_(ϑ∈L)h₁(CT_(ϑ)∥SCT_(ϑ)) and a combined public key as Y=Σ_(ϑ∈L)Y_(ϑ).

S45. The cloud server sends the response data Agg={σ, h, Y, CT, PCT, SCT} to the control center.

It is priority that step S5 includes:

S51. The control center uses random coefficients λ and μ, and the cloud-level aggregate ciphertext to produce η_(ϑθ-1)=h₁(CT∥λ) and η_(ϑ) _(θ) =h₁(PCT∥SCT∥μ) in the same way, and computes the sum of random matching coefficients as η=_(ϑ∈L)η_(ϑ), then it verifies the signatures by the following verification equation:

{tilde over (e)}(σ,P)={tilde over (e)}((h+η)H ₁(ID _(CS)),P)·{tilde over (e)}(H ₁(ID _(CS)),Y)

S52. If the verification equation in step S51 passes, the control center uses key-leakage resilient decryption algorithm to compute the discrete logarithm of CT^(P) ¹ of base ĝ=g^(P) ¹ , and divides the result by

+1 to get the sum M of all users' electricity consumption data in the user areas specified in the user area list, namely M=log_(ĝ) ^(CT) ^(p1) /(

+1).

S53. The control center uses private key p₁ to compute discrete logarithms log_(ê) ^(SCT) ^(p1) and log_(ê) ^(PCT) ^(p1) respectively, where ê=e(g, g)^(P) ¹ is a bilinear map value, and computes the sum of squares of all users' electricity consumption data in the user areas specified in the user area list, namely M²=Σ_(ϑ∈L)Σ_(j=1) ^(l)m_(ϑ) _(j) ²=log_(ê) ^(SCT) ^(p1) −(

+2)·(log_(ê) ^(PCT) ^(p1) /(

+1)²).

S54. The control center computes the arithmetic mean of all users' data as

$\overset{¯}{m} = {\frac{M}{\theta \cdot}.}$

S55. The control center computes the variance of all users' data as

${{var}(m)} = {\frac{M^{2}}{\theta \cdot} - {{\overset{¯}{m}}^{2}.}}$

The beneficial effects of this invention includes:

-   -   (1) This invention uses key-leakage resilience homomorphic         encryption algorithm to encrypt users' electricity consumption         data, smart meters combine with the random blinding technique         when generating the ciphertext by public key of the control         center. Even though the corresponding private key of control         center is accidentally leaked in some special cases, any single         ciphertext is still not able to be decrypted, which can         effectively preserve user privacy and data confidentiality.

(2) This invention designs a lightweight batch verification technique for checking data integrity, enabling the control center to verify the data integrity of all ciphertexts with constant time complexity which is independent of the number of user areas and smart meters in a single user area.

(3) This invention can provides flexible data statistical analysis and query functionality for the control center such that the control center or a service provider could selectively specify the range of interested user areas, specifically it could specify an arbitrary subset of indexes of user areas for statistical analysis on demand. Besides, the cloud server could provide enough information for the control center without ‘violating privacy of any single user, with which the control center could compute the sum, arithmetic mean and variance of all users' electricity consumption data in specified user areas.

(4) This invention achieves high performance such that the control center could efficiently verify the data integrity of encrypted aggregate data with constant computational costs and conduct fast statistical analysis even though the amount of users and communication data is large.

(5) This invention, i.e., the method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids, s based on fog-computing framework, it takes advantage of the cloud server and fog nodes deployed at the edge of networks to release computational and communication burdens of business systems.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of a smart grid system.

FIG. 2 is the flow chart of this invention.

DETAILED DESCRIPTION

This section combines with an implementation instance to clearly and completely describe the technical scheme of this invention. Apparently, the described implementation instance is just a partial instance of this invention which does not cover all possibilities. Based on the implementation instance of this invention, all other implementation instances obtained by technicians of this field without any creative efforts fall in the range protected by this invention.

This invention provides a method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids:

As illustrated by FIG. 1 and FIG. 2, the method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids includes:

S1. System Initialization: A trust center generates the security parameters involved in this method and distributes public-private key pairs to communication entities. The mentioned communication entities include smart meters, fog nodes, a cloud server and the control center. Then the trust center publishes all public parameters and sends private keys to corresponding communication entities via a secure channel.

In some implementation instances, the security parameters in step S1 include security parameters of a key-leakage resilient homomorphic encryption algorithm and security parameters of a linear homomorphic digital signature algorithm.

The aforementioned step S1 includes:

S11. Given a security parameter k, the trust authority generates parameters of a key-leakage resilient homomorphic encryption algorithm (n, g, G, G_(T), e), where e:G×G→G_(T) is an admissible bilinear pairing map, G and G_(T) are both cyclic groups with composite order n, and n=p₁p₂, p₁ and p₂ are both big prime numbers with k-bit length, g is a generator of group G. The trust authority computes public key of the control center as ξ=g^(P2).

S12. The trust authority determines an elliptic curve E over the finite field F_(p) and another bilinear pairing map {tilde over (e)}: G₁×G₁→G₂ based on E, where p is a big prime number, G₁ is an additive cyclic group with order q, G₂ is a multiplicative cyclic group with order q. The trust authority selects a generator P of group G₁, and sets the number of fog nodes in the system to be N and the number of smart meters in each user area to be

. The trust authority sets two secure collision-resistant hash functions: H₁:{0,1}*→G₁, h₁:{0,1}*→Z_(q)*, where {0,1}* denotes the set of binary strings with arbitrary length, Z_(q)* is the multiplicative cyclic group which is composed of residue systems relatively prime to q.

S13. The trust authority randomly chooses five constants: α, β, γ, δ, ζ satisfying α·β+γ·δ+ζ=n, where α∈Z_(n), β∈Z_(n), γ∈Z_(n), δ∈Z_(n), ζ∈Z_(n), computes public parameters f=g^(α) and ε=g^(γ). Besides, the trust authority selects a private key y_(i)∈Z_(q) for digital signature algorithm for each fog node FN_(i) and computes the corresponding public key Y_(i)=y_(i)P for signature verification.

S14. For each smart meter SM_(ij) with a unique identifier ID_(SM) _(ij) , the trust authority randomly selects a private key y_(ij)∈Z_(q) for digital signature, where Z_(q) is the ring of residue classes modulo q, SM_(ij) is the j-th smart meter in the user area corresponding to the i-th fog node FN_(i). The trust authority computes the public key Y_(ij)=y_(ij)P for signature verification for SM_(ij), and selects two random numbers π_(ij) and s_(ij) for each SM_(ij), where π_(ij)∈Z_(n), s_(ij)∈Z_(n), α·π_(ij)+γ·s_(ij)=ζ,

π_(ij)≤β,

s_(ij)≤δ, after that it computes two parameters π_(i)=β−

π_(ij) and s_(i)=δ−

s_(ij) for each fog node FN_(i).

S15. The trust authority sends the private key P₁ to the control center, sends private key y_(ij), secret parameters π_(ij) and s_(ij) to corresponding smart meter SM_(ij), and sends private key y_(i), secret parameters π_(i) and s_(i) to corresponding fog node FN_(i) via a secure channel, respectively.

S2. Data Reporting: Smart meters encrypt collected user's electricity consumption data to generate a ciphertext, generate a digital signature for the ciphertext and send the ciphertext and signature as reported data to corresponding fog node for data aggregation.

In the step S2 of some implementation instances, smart meters combine a random blinding technique with the key-leakage resilient homomorphic encryption algorithm to encrypt users' electricity consumption data. In step S5, the control center uses corresponding key-leakage resilient homomorphic decryption algorithm to decrypt the response data.

The aforementioned step S2 includes:

S21. For each smart meter SM_(ij), with a unique identifier ID_(SM) _(ij) , it randomly selects a number r_(ij)∈Z_(ij), and generates a ciphertext as c_(ij)=f^(π) ^(ij) ε^(s) ^(ij) g^(m) ^(ij) ξ^(r) ^(ij) ∈G, where m_(ij)∈[0,MAX] is the electricity consumption data of user, MAX is a prespecified upper bound of all users' electricity consumption data, MAX is far less than p₂;

S22. The Smart meter SM_(ij), acquires current timestamp t_(ij), and uses the private key y_(ij) to compute a digital signature as σ_(ij)=y_(ij)H (ID_(SM) _(ij) ∥c_(ij)∥t_(ij));

S23. The smart meter SM_(ij) sends {ID_(SM) _(ij) , C_(ij), σ_(ij), t_(ij)} to the corresponding fog node FN_(i).

S3. Fog-level Aggregation: After the fog node receives all reported data from smart meters in its managed area in the prespecified period, it firstly verifies all the digital signatures of reported data. If the verification passes, fog node aggregates all the data ciphertexts of reported data to generate the fog-level aggregate ciphertext and signs the aggregate value to generate a fog-level signature. Then fog node sends the fog-level aggregate ciphertext and fog-level signature to the cloud server for long-time storage.

The aforementioned step S3 includes:

S31. After the fog node FN_(i) receives data {ID_(SM) _(ij) , C_(ij), σ_(ij), t_(ij)} from all smart meters SM_(ij), j=1, 2, . . . ,

of the user area in the time period, it verifies all the signatures σ_(ij) sent by all smart meters SM_(ij) using the following verification equation:

$\begin{matrix} {{{\overset{\sim}{e}\left( {{\underset{j = 1}{\sum\limits^{\ell}}\sigma_{ij}},P} \right)} = {\sum\limits_{j = 1}^{\ell}{\overset{\sim}{e}\left( {{H_{1}\left( {{ID}_{{SM}_{ij}}{c_{ij}\ }t_{ij}} \right)},Y_{ij}} \right)}}};} &  \end{matrix}$

S32. If the verification equation in step S31 passes, then the fog node FN_(i) computes the first intermediate state ciphertext as c_(i)=

c_(ij) and the second intermediate state ciphertext as C_(i)=f^(π) ^(i) ε^(s) ^(i) c_(i).

S33. The fog node FN_(i) generates fog-level aggregate ciphertexts, which include the first fog-level aggregate ciphertext as CT_(i)=

·c_(i) and the second fog-level aggregate ciphertext as SCT_(i)=

e(c_(ij)C_(i),c_(ij)C_(i)).

S34. The fog node FN_(i) computes a fog-level digital signature as σ_(i)=(y_(i)+h₁(CT_(i)∥SCT_(i)))H₁(ID_(CS)), where ID_(CS) is a unique identifier of the cloud server.

S35. The fog node FN_(i) sends all the aggregate data {CT_(i), SCT_(i), σ_(i)} to cloud server for long-time storage.

S4. Data Analysis Request and Response: The control center sends a challenge message which includes a user area list for data analysis and a random chosen coefficient sequence to the cloud server. The cloud server abstracts fog-level aggregate data from its database according to the received user area list. Then it firstly generates a cloud-level aggregate ciphertext and secondly signs the aggregate value to generate verifiable response information using fog-level signatures and received coefficient sequence. Finally it sends these data to the control center.

The aforementioned step S4 includes:

S41. The control center generates a challenge message {L, chal}, and sends it to the cloud server, where L is a list of user areas, L={ϑ₁, ϑ₂, . . . , ϑ_(θ)}⊆{1, 2, . . . , N}, chal={η_(ϑ) ₁ , η_(ϑ) ₂ , . . . , η_(ϑ) _(θ-2) , λ, μ} is a sequence of random matching coefficients of length ϑ.

S42. The cloud server generates cloud-level aggregate ciphertexts, which include the first aggregate ciphertext CT=Π_(ϑ∈L)CT_(ϑ), the second aggregate ciphertext PCT=Π_(ϑ∈L)e(CT_(ϑ), CT_(ϑ)) and the third aggregate ciphertext SCT=Π_(ϑ∈L)SCT_(ϑ).

S43. The cloud server uses random coefficients λ and μ, the cloud-level aggregate ciphertext to produce two random values η_(ϑ) _(θ-1) =h₁(CT∥λ) and η_(ϑ) _(θ) =h₁(PCT∥SCT∥μ). And it gets the signatures {σ_(ϑ) ₁ , σ_(ϑ) ₂ , . . . , σ_(ϑ) _(θ) } of fog-level aggregate ciphertexts from database according to list L and computes an aggregate signature σ=Σ_(ϑ∈L)(η_(ϑ)H₁(ID_(CS))+σ_(ϑ)).

S44. The cloud server computes a combined hash value as h=Σ_(ϑ∈L)h₁(CT_(ϑ)∥SCT_(ϑ)) and a combined public key as Y=Σ_(ϑ∈L)Y_(ϑ).

S45. The cloud server sends the response data Agg={σ, h, Y, CT, PCT, SCT} to the control center.

S5. Verification and Decryption: The control center firstly verifies the response information returned by the cloud server to confirm the data integrity of cloud-level aggregate ciphertext. If the verification passes, the control center decrypts the aggregate ciphertext and further computes the arithmetic mean and variance of all users' electricity consumption data within the specified user area list.

In the step S5 of some implementation instances, the control center uses the key-leakage resilient homomorphic decryption algorithm to decrypt the response data.

The aforementioned step S5 includes:

S51. The control center uses random coefficients λ and μ, and the cloud-level aggregate ciphertext to produce η_(ϑθ-1)=h₁(CT∥λ) and η_(ϑ) _(θ) =h₁(PCT∥SCT∥μ) in the same way, and computes the sum of random matching coefficients as η=_(ϑ∈L)η_(ϑ), then it verifies the signatures by the following verification equation:

{tilde over (e)}(σ,P)={tilde over (e)}((h+η)H ₁(ID _(CS)),P)·{tilde over (e)}(H ₁(ID _(CS)),Y)

S52. If the verification equation in step S51 passes, the control center uses key-leakage resilient decryption algorithm to compute the discrete logarithm of CT^(P) ¹ of base ĝ=g^(P) ¹ , and divides the result by

+1 to get the sum M of all users' electricity consumption data in the user areas specified in the user area list, namely M=log_(ĝ) ^(CT) ^(p1) /(

+1).

S53. The control center uses private key p₁ to compute discrete logarithms log_(ê) ^(SCT) ^(p1) and log_(ê) ^(PCT) ^(p1) respectively, where ê=e(g, g)^(P1) is a bilinear map value, and computes the sum of squares of all users' electricity consumption data in the user areas specified in the user area list, namely M²=Σ_(ϑ∈L)Σ_(j=1) ^(l)m_(ϑ) _(j) ²=log_(ê) ^(SCT) ^(p1) −(l+2)·(log_(ê) ^(PCT) ^(p1) /(

+1)²).

S54. The control center computes the arithmetic mean of all users' data as

$\overset{¯}{m} = {\frac{M}{\theta \cdot}.}$

S55. The control center computes the variance of all users' data as

${{var}(m)} = {\frac{M}{\theta \cdot} - {{\overset{\_}{m}}^{2}.}}$

Each user area in this implementation instance is supervised by a fog node which plays the role of a data aggregate gateway and a data relay. All encrypted data sent by smart meters in the user area are aggregated for the first time by the fog node to generate a fog-level aggregate ciphertext. Then the fog node computes a signature for the fog-level aggregate ciphertext and sends all data to the cloud server for long-time storage. The cloud server stores all fog-level aggregate ciphertexts and signatures of different user areas in the database and provides data query service for the control center of smart grids.

The correctness of this implementation instance is proved as follows:

Let M_(ϑ)=

m_(ϑ) _(j) , M_(ϑ) ²=(

m_(ϑ) _(j) )², R_(ϑ)=

r_(ϑ) _(j) , M=Σ_(ϑ∈L)M_(ϑ), R=Σ_(ϑ∈L)R_(ϑ), M²=Σ_(ϑ∈L)

m_(ϑj) ².

The correctness of equation for data integrity verification is proved as follows:

$\begin{matrix} {{\overset{\sim}{e}\left( {\sigma,P} \right)} = {\overset{\sim}{e}\left( {{\sum\limits_{\vartheta \in L}\left( {{\eta_{\vartheta}{H_{1}\left( {ID}_{CS} \right)}} + \sigma_{\vartheta}} \right)},P} \right)}} \\ {= {\overset{\sim}{e}\left( {{\sum\limits_{\vartheta \in L}{\left( {\eta_{\vartheta} + y_{\vartheta} + {h_{1}\left( {{CT}_{\vartheta}{❘❘}{SCT}_{\vartheta}} \right)}} \right){H_{1}\left( {ID}_{CS} \right)}}},P} \right)}} \\ {= {{\overset{\sim}{e}\left( {{\sum\limits_{\vartheta \in L}{\left( {\eta_{\vartheta} + {h_{1}\left( {{CT}_{\vartheta}{❘❘}{SCT}_{\vartheta}} \right)}} \right){H_{1}\left( {ID}_{CS} \right)}}},P} \right)} \cdot}} \\ {\overset{\sim}{e}\left( {{\sum\limits_{\vartheta \in L}{y_{\vartheta}{H_{1}\left( {ID}_{CS} \right)}}},P} \right)} \\ {= {{\overset{\sim}{e}\left( {{\left( {h + \eta} \right){H_{1}\left( {ID}_{CS} \right)}},P} \right)} \cdot {\overset{\sim}{e}\left( {{H_{1}\left( {ID}_{CS} \right)},{\sum\limits_{\vartheta \in L}{y_{\vartheta}P}}} \right)}}} \\ {= {{\overset{\sim}{e}\left( {{\left( {h + \eta} \right){H_{1}\left( {ID}_{CS} \right)}},P} \right)} \cdot {\overset{\sim}{e}\left( {{H_{1}\left( {ID}_{CS} \right)},Y} \right)}}} \end{matrix}$

The correctness of computing statistical information M by the control center is proved as follows:

$\begin{matrix} {{CT}^{p_{1}} = \left( {\prod\limits_{\vartheta \in L}{CT}_{\vartheta}} \right)^{p_{1}}} \\ {= \left( {\prod\limits_{\vartheta \in L}{C_{\vartheta}^{\ell} \cdot c_{\vartheta}}} \right)^{p_{1}}} \\ {= \left( {\prod\limits_{\vartheta \in L}{\left( {f^{\pi_{\vartheta}}\varepsilon^{s_{\vartheta}}c_{\vartheta}} \right)^{\ell} \cdot c_{\vartheta}}} \right)^{p_{1}}} \\ {= \left( {\prod\limits_{\vartheta \in L}{\left( {f^{\beta}\varepsilon^{\delta}g^{M_{\vartheta}}\xi^{R_{\vartheta}}} \right)^{\ell} \cdot {\prod\limits_{j = 1}^{\ell}c_{\vartheta j}}}} \right)^{p_{1}}} \\ {= \left( {\prod\limits_{\vartheta \in L}{g^{{({\ell + 1})}M_{\vartheta}}\xi^{{({\ell + 1})}R_{\vartheta}}}} \right)^{p_{1}}} \\ {= \left( {g^{{({\ell + 1})} \cdot {\sum_{\vartheta \in L}M_{\vartheta}}}\xi^{{({\ell + 1})} \cdot {\sum_{\vartheta \in L}R_{\vartheta}}}} \right)^{p_{1}}} \\ {= {\left( g^{p_{1}} \right)^{{({\ell + 1})} \cdot M} = {\hat{g}}^{{({\ell + 1})} \cdot M}}} \end{matrix}$ SoM = log_(ĝ)^(CT^(p₁))/(ℓ + 1).

The correctness of computing statistical information M² by the control center is proved as follows:

$\begin{matrix} {{PCT}^{p_{1}} = \left( {\prod\limits_{\vartheta \in L}{e\left( {{CT}_{\vartheta},{CT}_{\vartheta}} \right)}} \right)^{p_{1}}} \\ {= \left( {\prod\limits_{\vartheta \in L}{e\left( {{g^{{({\ell + 1})}M_{\vartheta}}\xi^{{({\ell + 1})}R_{\vartheta}}},{g^{{({\ell + 1})}M_{\vartheta}}\xi^{{({\ell + 1})}R_{\vartheta}}}} \right)}} \right)^{p_{1}}} \\ {= \left( {\prod\limits_{\vartheta \in L}\left( {{e\left( {g,g} \right)}^{{({{({\ell + 1})}M_{\vartheta}})}^{2}} \cdot} \right.} \right.} \\ \left. \left. {}{e\left( {g,\xi} \right)}^{{2{({\ell + 1})}{M_{\vartheta} \cdot {({\ell + 1})}}R_{\vartheta}} + {p_{2}({{({\ell + 1})}R_{\vartheta}})}^{2}} \right) \right)^{p_{1}} \\ {= \left( {{e\left( {g,g} \right)}^{{({\ell + 1})}^{2}{\sum_{\vartheta \in L}M_{\vartheta}^{2}}} \cdot} \right.} \\ \left. {}{e\left( {g,\xi} \right)^{\sum_{\vartheta \in L}{({{2{({\ell + 1})}{M_{\vartheta} \cdot {({\ell + 1})}}R_{\vartheta}} + {p_{2}({{({\ell + 1})}R_{\vartheta}})}^{2}})}}} \right)^{p_{1}} \\ {= {\hat{e}}^{{({\ell + 1})}^{2}{\sum_{\vartheta \in L}M_{\vartheta}^{2}}}} \end{matrix}$ $\begin{matrix} {{SCT}^{p_{1}} = \left( {\prod\limits_{\vartheta \in L}{SCT}_{\vartheta}} \right)^{p_{1}}} \\ {= \text{}{\prod\limits_{\vartheta \in L}{SCT}_{\vartheta}^{p_{1}}}} \\ {= {\prod\limits_{\vartheta \in L}\left( {\prod\limits_{j = 1}^{\ell}{e\left( {{c_{\vartheta j}C_{\vartheta}},{c_{\vartheta j}C_{\vartheta}}} \right)}} \right)^{p_{1}}}} \\ {= {\prod\limits_{\vartheta \in L}\left( {\prod\limits_{j = 1}^{\ell}{e\left( {{g^{m_{\vartheta j} + M_{\vartheta}}\xi^{r_{\vartheta j} + R_{\vartheta}}},{g^{m_{\vartheta j} + M_{\vartheta}}\xi^{r_{\vartheta j} + R_{\vartheta}}}} \right)}} \right)^{p_{1}}}} \\ {= {\prod\limits_{\vartheta \in L}\left( {\prod\limits_{j = 1}^{\ell}\left( {{e\left( {g,g} \right)}^{{({m_{\vartheta j} + M_{\vartheta}})}^{2}} \cdot} \right.} \right.}} \\ \left. \left. {}{e\left( {g,\xi} \right)}^{{2{({m_{\vartheta j} + M_{\vartheta}})}{({r_{\vartheta j} + R_{\vartheta}})}} + {p_{2}({r_{\vartheta j} + R_{\vartheta}})}^{2}} \right) \right)^{p_{1}} \\ {= {\prod\limits_{\vartheta \in L}\left( {{e\left( {g,g} \right)}^{\sum_{j = 1}^{\ell}{({m_{\vartheta j} + M_{\vartheta}})}^{2}} \cdot} \right.}} \\ \left. {}{e\left( {g,\xi} \right)}^{\sum_{j = 1}^{\ell}{({{2{({m_{\vartheta j} + M_{\vartheta}})}{({r_{\vartheta j} + R_{\vartheta}})}} + {p_{2}({r_{\vartheta j} + R_{\vartheta}})}^{2}})}} \right)^{p_{1}} \\ {= {\prod\limits_{\vartheta \in L}{\hat{e}}^{\sum_{j = 1}^{\ell}{({m_{\vartheta j} + M_{\vartheta}})}^{2}}}} \\ {= {\hat{e}}^{\sum_{\vartheta \in L}{\sum_{j = 1}^{\ell}{({m_{\vartheta j} + M_{\vartheta}})}^{2}}}} \\ {= {\hat{e}}^{\sum_{\vartheta \in L}{\sum_{j = 1}^{\ell}{({m_{\vartheta j}^{2} + {2M_{\vartheta}} + M_{\vartheta}^{2}})}}}} \\ {= {\hat{e}}^{{\sum_{\vartheta \in L}{\sum_{j = 1}^{\ell}m_{\vartheta j}^{2}}} + {2{\sum_{\vartheta \in L}M_{\vartheta}}} + {\sum_{j = 1}^{\ell}m_{\vartheta j}} + {\ell \cdot {\sum_{\vartheta \in L}M_{\vartheta}^{2}}}}} \\ {= {\hat{e}}^{M^{2} + {2{\sum_{\vartheta \in L}M_{\vartheta}^{2}}} + {\ell \cdot {\sum_{\vartheta \in L}M_{\vartheta}^{2}}}}} \\ {= {\hat{e}}^{M^{2} + {{({\ell + 2})} \cdot {\sum_{\vartheta \in L}M_{\vartheta}^{2}}}}} \end{matrix}$ SoM² = log_(ê)^(SCT^(p₁)) − (ℓ + 2) ⋅ (log_(ê)^(SCT^(p₁))/(ℓ + 1)²).

The aforementioned contents are just the prior implementation of this invention. It is to be understood that this invention is not limited to the forms disclosed herein, and is not to be construed as excluding other embodiments, but is capable of use in various other combinations, modifications, and environments and is capable of modifications within the scope of the teachings presented herein or the skill or knowledge of the relevant art. It is intended that the present invention cover the modifications and variations of this invention provided they come within the spirit and scope of the appended claims. 

1. The features of this method, i.e., the method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids, include the following five aspects: S1. System Initialization: A trust center generates the security parameters involved in this method and distributes public-private key pairs to communication entities. The mentioned communication entities include smart meters, fog nodes, a cloud server and the control center. Then the trust center publishes all public parameters and sends private keys to corresponding communication entities via a secure channel. S2. Data Reporting: A smart meter encrypts electricity consumption data to generate a ciphertext, generates a digital signature for the ciphertext and sends the ciphertext and signature as reported data to corresponding fog node for data aggregation. S3. Fog-level Aggregation: After the fog node receives all reported data from smart meters in its managed area in the prespecified period, it firstly verifies all the digital signatures of reported data. If the verification passes, fog node aggregates all the data ciphertexts of reported data to generate the fog-level aggregate ciphertext and signs the aggregate value to generate a fog-level signature. Then fog node sends the fog-level aggregate ciphertext and fog-level signature to the cloud server for long-time storage. S4. Data Analysis Request and Response: The control center sends a challenge message which includes a user area list for data analysis and a random chosen coefficient sequence to the cloud server. The cloud server gets fog-level aggregate data from its database according to the received user area list. Then it firstly generates a cloud-level aggregate ciphertext, and signs the aggregate value to generate verifiable response information using fog-level signatures and received coefficient sequence. Finally it sends these data to the control center. S5. Verification and Decryption: The control center firstly verifies the response information returned by the cloud server to confirm the data integrity of cloud-level aggregate ciphertext. If the verification passes, the control center decrypts the aggregate ciphertext and further computes the arithmetic mean and variance of all users' electricity consumption data within the specified user area list.
 2. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 1, it is characterized in that the security parameters of step S1 is twofold, including security parameters of a key-leakage resilient homomorphic encryption algorithm and security parameters of a linear homomorphic digital signature algorithm.
 3. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 1, it is characterized in that smart meters combine a random blinding technique with a key-leakage resilient homomorphic algorithm to encrypt users' electricity consumption data in step S2 and use a privacy-preserving decryption algorithm to decrypt the response data in step S5.
 4. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 1, it is characterized in that fog nodes use a batch verification method to check the data integrity of received data in step S3.
 5. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 1, it is characterized in that the step S1 includes: S11. Given a security parameter k, the trust authority generates parameters of a key-leakage resilient homomorphic encryption algorithm (n, g, G, G_(T), e), where e:G×G→G_(T) is an admissible bilinear map, G and G_(T) are both cyclic groups with composite order n, and n=p₁p₂, p₁ and p₂ are both big prime numbers with k-bit length, g is a generator of group G. The trust authority computes public key of the control center as ξ=g^(P2). S12. The trust authority determines an elliptic curve E over the finite field F_(p) and another bilinear map {tilde over (e)}:G₁×G₁→G₂ based on E, where p is a big prime number, G₁ is an additive cyclic group with order q, G₂ is a multiplicative cyclic group with order q. The trust authority selects a generator P of group G₁, and sets the number of fog nodes in the system to be N and the number of smart meters in each user area to be l. The trust authority sets two secure collision-resistant hash functions: H₁:{0,1}*→G₁,h₁:{0, 1}*→Z_(q)*, where {0, 1}* denotes the set of binary strings with arbitrary length, Z_(q)* is the multiplicative cyclic group which is composed of residue systems relatively prime to q. S13. The trust authority randomly chooses five constants: α, β, γ, δ, ζ satisfying α·β+γ·δ+ζ=n, where α∈Z_(n), β∈Z_(n), γ∈Z_(n), δ∈Z_(n), ζ∈Z_(n), computes public parameters f=g^(α) and ε=g^(γ). Besides, it selects a private key y_(i)∈Z_(q) for digital signature algorithm for each fog node FN_(i) and computes the corresponding public key Y_(i)=y_(i)P for signature verification. S14. For each smart meter SM_(ij) with a unique identifier ID_(SM) _(ij) , the trust authority randomly selects a private key y_(ij)∈Z_(q) for digital signature, where Z_(q) is the ring of residue classes modulo q, SM_(ij) is the j-th smart meter in the user area corresponding to the i-th fog node FN_(i). The trust authority computes the public key Y_(ij)=y_(ij)P for signature verification for SM_(ij), and selects two random numbers π_(ij) and s_(ij) for each SM_(ij), where π_(ij)∈Z_(n), s_(ij)∈Z_(n), α·π_(ij)+γ·s_(ij)=ζ,

π_(ij)≤β,

s_(ij)≤δ, after that it computes two parameters π_(i)=β−

π_(ij) and s_(i)=δ−

s_(ij) for each fog node FN_(i). S15. The trust authority sends the private key P₁ to the control center, private key y_(ij), secret parameters π_(ij) and s_(ij) to smart meter SM_(ij), and private key y_(i), secret parameters π_(i) and s_(i) to the fog node FN_(i) via a secure channel, respectively.
 6. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 5, it is characterized in that the step S2 includes: S21. For each smart meter SM_(ij) with a unique identifier ID_(SM) _(ij) , it randomly selects a number r_(ij)∈Z_(n) and generates a ciphertext as c_(ij)=f^(π) ^(ij) ε^(s) ^(ij) g^(m) ^(ij) ξ^(r) ^(ij) ∈G, where m_(ij)∈[0,MAX] is the electricity consumption data of user, MAX is a prespecified upper bound of all users' electricity consumption data, MAX is far less than p₂; S22. The Smart meter SM_(ij) acquires current timestamp t_(ij), and uses the private key y_(ij) to compute a digital signature as σ_(ij)=y_(ij)H(ID_(SM) _(ij) ∥c_(ij)∥t_(ij)); S23. The smart meter SM_(ij) sends {ID_(SM) _(ij) , c_(ij), σ_(ij), t_(ij)} to the corresponding fog node FN_(i).
 7. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 6, it is characterized in that the step S3 includes: S31. After the fog node FN_(i) receives data {ID_(SM) _(ij) , c_(ij), σ_(ij), t_(ij)} from all smart meters SM_(ij), J=1, 2, . . . l of the user area in the time period, it verifies all the signatures σ_(ij) sent by all smart meters SM_(ij) using the following verification equation: ${{\overset{\sim}{e}\left( {{\sum\limits_{j = 1}^{\ell}\sigma_{ij}},P} \right)} = {\sum\limits_{j = 1}^{\ell}{\overset{\sim}{e}\left( {{H_{1}\left( {{ID}_{{SM}_{ij}}{c_{ij}}t_{ij}} \right)},Y_{ij}} \right)}}};$ S32. If the verification equation in step S31 passes, then the fog node FN_(i) computes the first intermediate state ciphertext as c_(i)=

c_(ij) and the second intermediate state ciphertext as C_(i)=f^(π) ^(i) ε^(s) ^(i) c_(i). S33. The fog node FN_(i) generates fog-level aggregate ciphertexts, which include the first fog-level aggregate ciphertext as CT_(i)=

·c_(i) and the second fog-level aggregate ciphertext as SCT_(i)=

e(c_(ij)C_(i), c_(ij)C_(i)). S34. The fog node FN_(i) computes a fog-level digital signature as σ_(i)=(y_(i)+h₁(CT_(i)∥SCT_(i)))H₁(ID_(CS)), where ID_(CS) is a unique identifier of the cloud server. S35. The fog node FN_(i) sends all the aggregate data {CT_(i), SCT_(i), σ_(i)} to cloud server for long-time storage.
 8. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 7, it is characterized in that the step S4 includes: S41. The control center generates a challenge message {L, chal}, and sends it to the cloud server, where L is a list of user areas, L={ϑ₁, ϑ₂, . . . , ϑ_(θ)}⊆{1, 2, . . . , N}, chal={η_(ϑ) ₁ , η_(ϑ) ₂ , . . . , η_(ϑ) _(θ-2) , λ, μ} is a sequence of random matching coefficients of length ϑ. S42. The cloud server generates cloud-level aggregate ciphertexts, which include the first aggregate ciphertext CT=Π_(ϑ∈L)CT_(ϑ), the second aggregate ciphertext PCT=Π_(ϑ∈L)e(CT_(ϑ), CT_(ϑ)) and the third aggregate ciphertext SCT=Π_(ϑ∈L)SCT_(ϑ). S43. The cloud server uses random coefficients λ and μ, the cloud-level aggregate ciphertext to produce two random values η_(ϑ) _(θ-1) =h₁(CT∥λ) and η_(ϑ) _(θ) =h₁(PCT∥SCT∥μ). And it gets the signatures {σ_(ϑ) ₁ , σ_(ϑ) ₂ , . . . , σ_(ϑ) _(θ) } of fog-level aggregate ciphertexts from database according to list L and computes an aggregate signature σ=Σ_(ϑ∈L)(η_(ϑ)H₁(ID_(CS))+σ_(ϑ)). S44. The cloud server computes a combined hash value as h=Σ_(ϑ∈L)h₁(CT_(ϑ)∥SCT_(ϑ)) and a combined public key as Y=Σ_(ϑ∈L)Y_(ϑ). S45. The cloud server sends the response data Agg={σ, h, Y, CT, PCT, SCT} to the control center.
 9. According to aforementioned method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids in claim 8, it is characterized in that the step S5 includes: S51. The control center uses random coefficients λ and μ, and the cloud-level aggregate ciphertext to produce η_(ϑθ-1)=h₁(CT∥λ) and η_(ϑ) _(θ) =h₁(PCT∥SCT∥μ) in the same way, and computes the sum of random matching coefficients as η=_(ϑ∈L)η_(ϑ), then it verifies the signatures by the following verification equation: {tilde over (e)}(σ,P)={tilde over (e)}((h+η)H ₁(ID _(CS)),P)·{tilde over (e)}(H ₁(ID _(CS)),Y) S52. If the verification equation in step S51 passes, the control center uses key-leakage resilient decryption algorithm to compute the discrete logarithm of CT^(P) ¹ of base ĝ=g^(P) ¹ , and divides the result by

+1 to get the sum M of all users' electricity consumption data in the user areas specified in the user area list, namely M=log_(ĝ) ^(CT) ^(p1) /(

+1). S53. The control center uses private key p₁ to compute discrete logarithms log_(ê) ^(SCT) ^(p1) and log_(ê) ^(PCT) ^(p1) respectively, where ê=e(g, g)^(P1) is a bilinear map value, and computes the sum of squares of all users' electricity consumption data in the user areas specified in the user area list, namely M²=Σ_(ϑ∈L)Σ_(j=1) ^(l)m_(ϑ) _(j) ²=log_(ê) ^(SCT) ^(p1) −(l+2)·(log_(ê) ^(PCT) ^(p1) /(

+1)²). S54. The control center computes the arithmetic mean of all users' data as $\overset{¯}{m} = {\frac{M}{\theta \cdot}.}$ S55. The control center computes the variance of all users' data as ${{var}(m)} = {\frac{M}{\theta \cdot} - {{\overset{\_}{m}}^{2}.}}$ 